Create CSR and Private Key in One Command
The following is a single command you can use to create a Private Key and CSR (Certificate Signing Request). The words in bold should be replaced to match you the website you’re creating the certificate for.
openssl req -nodes -out linuxbucket.com.csr \ -newkey rsa:2048 -keyout linuxbucket.com.key \ -config <( cat <<-EOF [req] default_bits = 2048 prompt = no req_extensions = req_ext distinguished_name = req_distinguished_name [ req_distinguished_name ] C=US ST=New York L=New York O=Linux Bucket OU=Web Security emailAddressemail@example.com CN = linuxbucket.com [ req_ext ] subjectAltName = @san_names [ san_names ] DNS.1 = www.linuxbucket.com DNS.2 = test.linuxbucket.com EOF )
Self-Sign Your Certificate in One Command
Once again replace the bold text to match your website. This certificate will be valid for 1 year.
openssl x509 \ -signkey linuxbucket.com.key \ -in linuxbucket.com.csr \ -req -days 365 -out linuxbucket.com.crt
At this point you could use the .key and .crt to secure your domain. Of course you wouldn’t want to use this on a public website as self-signed certificates are meant more for internal use. The reason is that with sefl-signed certificates your users will get certificate errors telling them that the certificate is not signed by a known authority like Verisign, etc.